vb.org Archive

vBulletin hack with vblogin.php (https://vborg.vbsupport.ru/showthread.php?t=315275)

Dave 11-06-2014 10:20 AM

It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.

Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.

You could start out by posting all of your plugins here.

Muhammad Rahman 11-06-2014 10:53 AM

Quote:

Originally Posted by Dave (Post 2521607)
It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.

Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.

You could start out by posting all of your plugins here.

I contacted my server; they don't have any log of the hack .. they said the hack was from a script, not from a server attack.

These are my plugins:
  1. Adam's Subscribed Thread Notifications
  2. Advanced Application Forms (INACTIVE)
  3. BT - Social Group Message Quote
  4. Change Posts Owner
  5. Chip2love.9xpro - Limit new thread/post per day
  6. First Post on all pages (INACTIVE)
  7. Forum Category Icons (Advanced)
  8. Forum Runner (INACTIVE)
  9. GeekyDesigns Default Avatar
  10. Global Threads: The Next Generation FREE by BOP5
  11. GlowHost - Spam-O-Matic
  12. Helpful Answers (INACTIVE)
  13. iTrader (INACTIVE)
  14. Limit Posts Per Day in Threads by BOP5
  15. Make Prefixes Clickable to Filter Forumdisplay
  16. Mark Thread As 'Sold'
  17. Minimum Post Count Required To Post Blog Entries
  18. Mod-Mall BB Code Spoiler
  19. More Share Options for VB4 by BOP5 Light (INACTIVE)
  20. Nested Quotes
  21. Advanced User Tagging (DBTech)
  22. DBSeo (DBTech) (INACTIVE)
  23. Panjo (INACTIVE)
  24. PB Usergroup Choice on Registration (INACTIVE)
  25. Ajax Point System
  26. PostRelease (INACTIVE)
  27. ProvB - Extra Threadfields
  28. Rotating Banner System
  29. Skimlinks Plugin (INACTIVE)
  30. Subscription Notification System
  31. Tapatalk (INACTIVE)
  32. Thread Participants - by rellect
  33. Threads Started by User in Postbit & Profile
  34. User Article Count (INACTIVE)
  35. Usergroup Allow HTML
  36. vBadvanced CMPS
  37. vBulletin Blog (INACTIVE)
  38. vBulletin CMS (INACTIVE)
  39. vFcoders - Ajax First Post Collapsable Hack (INACTIVE)
  40. View your Threads or Posts from the Navbar
  41. VSa - Sub-Forum Manager (INACTIVE)
  42. WS vBulletin Tweet Poster
  43. XenForo Style Avatars
  44. [OzzModz] Exclude Forums From Activity Stream (INACTIVE)

ozzy47 11-06-2014 10:56 AM

Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product : vBulletin?

Muhammad Rahman 11-06-2014 11:03 AM

Quote:

Originally Posted by ozzy47 (Post 2521611)
Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product : vBulletin?

Yes.. only my custom mods.

Code:

ADD Fetch AVATAR URL        image_missing                [Edit] [Delete]
ADD FORUM NAV        parse_templates                [Edit] [Delete]
ADD RECENT EVENT CALENDAR        calendar_displaymonth_complete                [Edit] [Delete]
ADD RENDER FORUMLIST        forumbit_display                [Edit] [Delete]
ADD VAR FORUMDISPLAY        forumdisplay_complete                [Edit] [Delete]
ADD VAR SHOWGROUP        group_complete                [Edit] [Delete]
ADD VAR SHOWTHREAD        showthread_complete                [Edit] [Delete]
Auto display custom image when link images die in post        postbit_display_complete                [Edit] [Delete]
Avatar Header        parse_templates                [Edit] [Delete]
Avatar post lam - alif project        postbit_lite                [Edit] [Delete]
AVATAR THREAD        vba_cmps_module_recthreadsbits                [Edit] [Delete]
AVatar Thread Lam - alif Project        threadbit_display                [Edit] [Delete]
FG        activity_view_group                [Edit] [Delete]
FGD        fetch_template_complete                [Edit] [Delete]
FJB Mobile Iklan Terbaru        global_start                [Edit] [Delete]
FJB Newpost select category        parse_templates                [Edit] [Delete]
FJB_Kategori_Home        parse_templates                [Edit] [Delete]
FJB_Kategori_Navigasi        parse_templates                [Edit] [Delete]
Force Style        global_bootstrap_init_start                [Edit] [Delete]
Forum Kategori Navigasi        parse_templates                [Edit] [Delete]
Forum Newpost select category        parse_templates                [Edit] [Delete]
ghj        group_discussionbit_display_complete                [Edit] [Delete]
Kategori Sidebar        parse_templates                [Edit] [Delete]
Lintas Agama Terbaru        global_start                [Edit] [Delete]
Point Sistem Cache Template [Member info Block]        cache_templates                [Edit] [Delete]
REMOVE PREFIX Navbar        showthread_post_start                [Edit] [Delete]
SERP Date Group Discussion        group_discussionbit_display_complete                [Edit] [Delete]
SERP Date Group Message        group_messagebit_display_complete                [Edit] [Delete]
SERP Date Postbit        postbit_display_complete                [Edit] [Delete]
SERP Date Thread        threadbit_display                [Edit] [Delete]
Statistik Tab        member_build_blocks_start                [Edit] [Delete]
Tab Profile Default        member_build_blocks_start                [Edit] [Delete]
UNFORMAT        vbcms_article_populate_end                [Edit] [Delete]
ZP Event        global_start                [Edit] [Delete]
ZP Favorit Minggu Ini        global_start                [Edit] [Delete]
ZP Inspirasi Fashion        global_start                [Edit] [Delete]
ZP Recent Thread        global_start                [Edit] [Delete]


Dave 11-06-2014 11:18 AM

Check the FG, FGD, ghj and Lintas Agama Terbaru plugins because they have suspicious names which I never heard of. If unsure, post the contents of the plugins here.

Muhammad Rahman 11-06-2014 11:21 AM

Quote:

Originally Posted by Dave (Post 2521616)
Check the FG, FGD, ghj and Lintas Agama Terbaru plugins because they have suspicious names which I never heard of. If unsure, post the contents of the plugins here.

Those plugins are ones I made myself, with unique names ..

HM666 11-06-2014 03:57 PM

Have you overwritten the files with the vBulletin files downloaded from the members area? This is what you need to do to get rid of this problem for now. To my knowledge there is no vblogin.php file in the official download; it's called login.php, if I remember correctly. So, as said before, they modified this to use that file.

To find how they got in is a different matter. If you are running your forum on a shared server then that is more than likely how. Shared servers are just that... shared, and less secure than a VPS or dedicated server. You can try to speak with your web host and see if they have any way to tell where the attack came from. Most likely the hacker gained access to your FTP and changed/uploaded files to your site.

RichieBoy67 11-06-2014 04:03 PM

Are you using any nulled plugins? The nulled plugins for DBTech SEO are known to do this. Be sure all your plugins are licensed and up to date and that your file permissions are correct. Also that you have the latest patch for your vBulletin version.

Once you find the hole you will need to change all server logins, FTP, MySQL, etc. and admin logs.

TheLastSuperman 11-06-2014 05:00 PM

I saw the name Plum, he's one of the known powersurge hackers.

- You could have been hacked into long ago, spare admin accounts present?
- Even if you have disabled a mod/plugin, the files still have the vulnerabilities present, so mods such as Tapatalk, which had a recent security exploit found, should always be updated to the most secure version or removed entirely.
- Do as HM666 mentioned and overwrite all files. After that, review the back-end and see if there are any spare admin accounts (use the usergroup manager; check for accounts w/ secondary usergroups assigned as well), and then check the plugins via the plugin manager, as they can edit plugins after gaining access. Then finally check all files that were not overwritten, and do not skip checking your attachments folder if stored in the filesystem; I've seen them hide files there too.
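
The file review described in the post above (compare against a clean download, then look at what was not overwritten, including the attachments folder), as an added Python example that is not part of the original thread. The function names, the `attachments` directory name, the script-extension list and the sample trees are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")  # assumed list of executable types

def _hashes(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def audit(clean_root, live_root, attachments_dir="attachments"):
    """Compare the live forum tree with a clean copy of the official download."""
    clean, live = _hashes(clean_root), _hashes(live_root)
    report = {"unexpected": [], "modified": [], "scripts_in_attachments": []}
    for rel in sorted(live):
        if Path(rel).parts[0] == attachments_dir:
            # Attachment storage should hold data only, never server-side scripts.
            if rel.lower().endswith(SCRIPT_EXTS):
                report["scripts_in_attachments"].append(rel)
        elif rel not in clean:
            report["unexpected"].append(rel)   # file the package never shipped
        elif live[rel] != clean[rel]:
            report["modified"].append(rel)     # shipped file whose contents changed
    return report

def build_sample(base):
    """Constructed sample trees (not real vBulletin files) for a dry run."""
    files = {
        "clean/login.php": "<?php // stock\n",
        "clean/global.php": "<?php // stock\n",
        "live/login.php": "<?php // stock, plus an injected line\n",
        "live/global.php": "<?php // stock\n",
        "live/vblogin.php": "<?php // not in the official package\n",
        "live/attachments/1/23.attach": "binary data",
        "live/attachments/1/thumb.php": "<?php // script hidden among uploads\n",
    }
    for rel, body in files.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return Path(base, "clean"), Path(base, "live")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_sample(tmp)))
```

On a real forum the `unexpected` list will also contain legitimate local files (site configuration, installed add-ons, uploaded avatars), so treat it as a review queue rather than a verdict.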

TheLastSuperman 11-06-2014 05:02 PM

Quote:

Originally Posted by Muhammad Rahman (Post 2521617)
Those plugins are ones I made myself, with unique names ..

You wrote it/them? If so, check them again and be sure you coded them properly; otherwise you could have a plethora of security issues that we'll never be aware of or able to offer assistance with. And no, do not post your code; if it's a private mod/plugin, all the better, since the code is not known. I would review with another fellow coder or ask for assistance in the Private Coders Discussion forum.

